package com.crazy.waf.attack;

import java.util.regex.Pattern;

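/**
 * Best-effort, blacklist-based removal of script-related fragments from a string.
 *
 * <p>The filter deletes a fixed list of tokens ({@code <script>} blocks and tags,
 * {@code src='...'} / {@code src="..."} attributes, {@code eval(...)}, {@code expression(...)},
 * {@code javascript:}, {@code vbscript:}, {@code onload...=} and {@code <iframe>} fragments)
 * and repeats the pass until the text stops changing, so that a deletion cannot leave behind
 * a token that was only split apart before. A blacklist cannot enumerate every dangerous
 * construct, so this is a defence-in-depth measure; contextual output encoding at the
 * rendering site remains the primary XSS control.
 *
 * @author zhaochaofeng
 * @version 1.0
 * @date 2020/11/17 15:09
 */
public class XSS {
    /** Case-insensitive match only; {@code .} does not cross line breaks. */
    private static final int CI = Pattern.CASE_INSENSITIVE;

    /** Case-insensitive, {@code ^}/{@code $} per line, and {@code .} also matching line breaks. */
    private static final int CI_ML_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Patterns applied in order; every match is replaced with the empty string.
     * Compiled once because compilation is the expensive part and the list never changes.
     */
    private static final Pattern[] STRIP_PATTERNS = {
        Pattern.compile("<script>(.*?)</script>", CI),
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", CI_ML_DOTALL),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", CI_ML_DOTALL),
        Pattern.compile("</script>", CI),
        Pattern.compile("<script(.*?)>", CI_ML_DOTALL),
        Pattern.compile("eval\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("expression\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("javascript:", CI),
        Pattern.compile("vbscript:", CI),
        Pattern.compile("onload(.*?)=", CI_ML_DOTALL),
        Pattern.compile("<iframe>(.*?)</iframe>", CI),
        Pattern.compile("</iframe>", CI),
        Pattern.compile("<iframe(.*?)>", CI_ML_DOTALL),
    };

    public XSS() {
    }

    /**
     * Removes every blacklisted fragment from {@code value}.
     *
     * @param value the untrusted text to clean; may be {@code null}
     * @return {@code value} with all matches of the blacklist removed, or {@code null} when
     *         {@code value} is {@code null}
     */
    public String strip(String value) {
        if (value == null) {
            return null;
        }
        String rlt = value;
        String previous;
        // Every replacement only deletes characters, so each pass either shortens the string
        // or leaves it unchanged; the loop therefore terminates. Re-running the pass closes
        // the gaps a single pass can open (a deletion joining two halves of a listed token).
        do {
            previous = rlt;
            rlt = stripOnce(rlt);
        } while (!rlt.equals(previous));
        return rlt;
    }

    /**
     * Applies every pattern once, in list order, to {@code text}.
     * Each pattern runs on the running result, never on the original input, so no earlier
     * deletion is lost.
     */
    private static String stripOnce(String text) {
        String out = text;
        for (Pattern p : STRIP_PATTERNS) {
            out = p.matcher(out).replaceAll("");
        }
        return out;
    }
}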
